@phuetz/code-buddy 0.1.13 → 0.1.14

package/dist/tools/bash/command-validator.js

@@ -0,0 +1,223 @@
+/**
+ * Command validation and environment filtering for BashTool.
+ *
+ * Contains:
+ * - extractBaseCommand: Parses the base command from a shell string
+ * - hasShellBypassFeatures: Detects shell features that could bypass validation
+ * - validateCommand: Full security validation pipeline
+ * - getFilteredEnv: Environment variable filtering for child processes
+ */
+import { BLOCKED_PATTERNS, BLOCKED_CONTROL_CHARS, ANSI_ESCAPE_PATTERN, BLOCKED_COMMANDS, SAFE_ENV_VARS, BLOCKED_PATHS, } from './security-patterns.js';
+import { parseBashCommand } from '../../security/bash-parser.js';
+import { isDangerousCommand } from '../../security/dangerous-patterns.js';
+import { auditLogger } from '../../security/audit-logger.js';
+/**
+ * Extract the base command from a command string
+ * Handles paths, env var prefixes, and common shell constructs
+ */
+export function extractBaseCommand(command) {
+    // Trim and handle empty
+    const trimmed = command.trim();
+    if (!trimmed)
+        return null;
+    // Skip leading environment variable assignments (VAR=value cmd)
+    let remaining = trimmed;
+    while (/^[A-Za-z_][A-Za-z0-9_]*=\S*\s+/.test(remaining)) {
+        remaining = remaining.replace(/^[A-Za-z_][A-Za-z0-9_]*=\S*\s+/, '');
+    }
+    // Get the first token
+    const match = remaining.match(/^(\S+)/);
+    if (!match)
+        return null;
+    let cmd = match[1];
+    // Remove path prefix (e.g., /usr/bin/ls -> ls)
+    if (cmd.includes('/')) {
+        cmd = cmd.split('/').pop() || cmd;
+    }
+    // Handle ./ prefix
+    if (cmd.startsWith('./')) {
+        cmd = cmd.slice(2);
+    }
+    return cmd.toLowerCase();
+}
+/**
+ * Check if command uses shell features that could bypass validation
+ */
+export function hasShellBypassFeatures(command) {
+    // Check for multiple commands via && || ; |
+    // But allow single pipes for grep, etc.
+    const multiCommandPatterns = [
+        { pattern: /;\s*\S/, reason: 'Command chaining with semicolon' },
+        { pattern: /&&\s*\S/, reason: 'Command chaining with &&' },
+        { pattern: /\|\|\s*\S/, reason: 'Command chaining with ||' },
+        { pattern: /\|\s*(?:bash|sh|zsh|ksh|csh|fish|dash)\b/i, reason: 'Pipe to shell' },
+    ];
+    for (const { pattern, reason } of multiCommandPatterns) {
+        if (pattern.test(command)) {
+            // Check if this is a safe pipe (e.g., grep | wc)
+            if (reason === 'Pipe to shell') {
+                return { bypass: true, reason };
+            }
+            // For other chaining, check if the second command is safe
+            // For now, we'll allow chaining but each command gets validated separately
+        }
+    }
+    // Check for process substitution
+    if (/[<>]\(/.test(command)) {
+        return { bypass: true, reason: 'Process substitution detected' };
+    }
+    // Check for here-string/here-doc that could contain encoded payloads
+    if (/<<</.test(command)) {
+        return { bypass: true, reason: 'Here-string detected' };
+    }
+    return { bypass: false };
+}
+/**
+ * Validate command for dangerous patterns
+ *
+ * Security checks performed (in order):
+ * 1. Control characters - blocks terminal manipulation
+ * 2. ANSI escape sequences - blocks display manipulation
+ * 3. Shell bypass features - blocks process substitution, here-strings, etc.
+ * 4. Base command blocklist - blocks known dangerous commands
+ * 5. Blocked command patterns - blocks known dangerous patterns
+ * 6. Protected paths - blocks access to sensitive directories
+ *
+ * Note: Sandbox manager validation is performed separately by the caller
+ * since it requires instance state.
+ */
+export function validateCommand(command) {
+    // Check for dangerous control characters
+    if (BLOCKED_CONTROL_CHARS.test(command)) {
+        return {
+            valid: false,
+            reason: 'Command contains blocked control characters'
+        };
+    }
+    // Check for ANSI escape sequences that could manipulate terminal
+    if (ANSI_ESCAPE_PATTERN.test(command)) {
+        return {
+            valid: false,
+            reason: 'Command contains blocked ANSI escape sequences'
+        };
+    }
+    // Check for shell bypass features
+    const bypassCheck = hasShellBypassFeatures(command);
+    if (bypassCheck.bypass) {
+        return {
+            valid: false,
+            reason: `Shell bypass blocked: ${bypassCheck.reason}`
+        };
+    }
+    // Extract base command and check against blocklist
+    const baseCmd = extractBaseCommand(command);
+    if (baseCmd && BLOCKED_COMMANDS.has(baseCmd)) {
+        return {
+            valid: false,
+            reason: `Blocked command: ${baseCmd}`
+        };
+    }
+    // Check for blocked patterns
+    for (const pattern of BLOCKED_PATTERNS) {
+        if (pattern.test(command)) {
+            return {
+                valid: false,
+                reason: `Blocked command pattern detected: ${pattern.source}`
+            };
+        }
+    }
+    // Check for access to blocked paths
+    for (const blockedPath of BLOCKED_PATHS) {
+        if (command.includes(blockedPath)) {
+            auditLogger.logCommandValidation({ command, valid: false, reason: `Protected path: ${blockedPath}`, source: 'command-validator' });
+            return {
+                valid: false,
+                reason: `Access to protected path blocked: ${blockedPath}`
+            };
+        }
+    }
+    // Phase 2: AST-based validation via bash-parser
+    // Parse the command into individual commands and validate each
+    try {
+        const parsed = parseBashCommand(command);
+        for (const cmd of parsed.commands) {
+            // Check each parsed command name against centralized dangerous commands
+            if (isDangerousCommand(cmd.command)) {
+                // Allow if it's already in the legacy BLOCKED_COMMANDS (already checked above)
+                // This catches commands the regex-based approach might miss
+                if (!BLOCKED_COMMANDS.has(cmd.command.toLowerCase())) {
+                    auditLogger.logCommandValidation({
+                        command,
+                        valid: false,
+                        reason: `Dangerous command detected by parser: ${cmd.command}`,
+                        source: 'bash-parser',
+                    });
+                    return {
+                        valid: false,
+                        reason: `Blocked command (AST): ${cmd.command}`,
+                    };
+                }
+            }
+            // Check subshell commands too
+            if (cmd.isSubshell && isDangerousCommand(cmd.command)) {
+                auditLogger.logCommandValidation({
+                    command,
+                    valid: false,
+                    reason: `Dangerous command in subshell: ${cmd.command}`,
+                    source: 'bash-parser',
+                });
+                return {
+                    valid: false,
+                    reason: `Blocked command in subshell: ${cmd.command}`,
+                };
+            }
+        }
+    }
+    catch {
+        // If parsing fails, fall through to allow (already validated by regex above)
+    }
+    auditLogger.logCommandValidation({ command, valid: true, source: 'command-validator' });
+    return { valid: true };
+}
+/**
+ * Filter environment variables to only include safe ones
+ * This prevents credential leakage to child processes
+ *
+ * Security measures:
+ * - Only allowlisted variable names are passed through
+ * - Values containing shell metacharacters are sanitized
+ * - Values that look like secrets are excluded
+ */
+export function getFilteredEnv() {
+    const filtered = {};
+    // Patterns that suggest a value is a secret (even if var name is allowed)
+    const secretPatterns = [
+        /^sk-[a-zA-Z0-9]{20,}$/, // OpenAI-style keys
+        /^xai-[a-zA-Z0-9]{20,}$/, // xAI keys
+        /^ghp_[a-zA-Z0-9]{36}$/, // GitHub PAT
+        /^gho_[a-zA-Z0-9]{36}$/, // GitHub OAuth
+        /^github_pat_/i, // GitHub fine-grained PAT
+        /^AKIA[A-Z0-9]{16}$/, // AWS Access Key
+        /^npm_[a-zA-Z0-9]{36}$/, // NPM token
+        /^eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+$/, // JWT
+        /^[a-f0-9]{64}$/i, // Hex-encoded secrets (64 chars)
+        /^-----BEGIN.*PRIVATE KEY-----/m, // Private keys
+    ];
+    for (const [key, value] of Object.entries(process.env)) {
+        if (value === undefined)
+            continue;
+        // Only allow safe variable names
+        if (!SAFE_ENV_VARS.has(key))
+            continue;
+        // Check if value looks like a secret
+        const looksLikeSecret = secretPatterns.some(pattern => pattern.test(value));
+        if (looksLikeSecret)
+            continue;
+        // Sanitize value - remove control characters
+        // eslint-disable-next-line no-control-regex
+        const sanitized = value.replace(/[\x00-\x1f\x7f]/g, '');
+        filtered[key] = sanitized;
+    }
+    return filtered;
+}
+//# sourceMappingURL=command-validator.js.map

package/dist/tools/bash/command-validator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-validator.js","sourceRoot":"","sources":["../../../src/tools/bash/command-validator.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,mBAAmB,EACnB,gBAAgB,EAChB,aAAa,EACb,aAAa,GACd,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sCAAsC,CAAC;AAC1E,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAE7D;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,wBAAwB;IACxB,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,gEAAgE;IAChE,IAAI,SAAS,GAAG,OAAO,CAAC;IACxB,OAAO,gCAAgC,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QACxD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,gCAAgC,EAAE,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,sBAAsB;IACtB,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACxC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,IAAI,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnB,+CAA+C;IAC/C,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC;IACpC,CAAC;IAED,mBAAmB;IACnB,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACrB,CAAC;IAED,OAAO,GAAG,CAAC,WAAW,EAAE,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAe;IACpD,4CAA4C;IAC5C,wCAAwC;IACxC,MAAM,oBAAoB,GAAG;QAC3B,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,iCAAiC,EAAE;QAChE,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,0BAA0B,EAAE;QAC1D,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,0BAA0B,EAAE;QAC5D,EAAE,OAAO,EAAE,2CAA2C,EAAE,MAAM,EAAE,eAAe,EAAE;KAClF,CAAC;IAEF,KAAK,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,oBAAoB,EAAE,CAAC;QACvD,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,iDAAiD;YACjD,IAAI,MAAM,KAAK,eAAe,EAAE,CAAC;gBAC/B,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;YAClC,CAAC;YACD,0DAA0D;YAC1D,2EAA2E;QAC7E,CAAC;IACH,CAAC;IAED,iCAAiC;IACjC,IAAI,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;IACnE,CAAC;IAED,qEAAqE;IACrE,IAAI,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IAC1D,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AAC3B,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,yCAAyC;IACzC,IAAI,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACxC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,6CAA6C;SACtD,CAAC;IACJ,CAAC;IAED,iEAAiE;IACjE,IAAI,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACtC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,gDAAgD;SACzD,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,MAAM,WAAW,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACpD,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;QACvB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,yBAAyB,WAAW,CAAC,MAAM,EAAE;SACtD,CAAC;IACJ,CAAC;IAED,mDAAmD;IACnD,MAAM,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC5C,IAAI,OAAO,IAAI,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,oBAAoB,OAAO,EAAE;SACtC,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;QACvC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,qCAAqC,OAAO,CAAC,MAAM,EAAE;aAC9D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,oCAAoC;IACpC,KAAK,MAAM,WAAW,IAAI,aAAa,EAAE,CAAC;QACxC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAClC,WAAW,CAAC,oBAAoB,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,WAAW,EAAE,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC;YACnI,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,qCAAqC,WAAW,EAAE;aAC3D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,+DAA+D;IAC/D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACzC,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YAClC,wEAAwE;YACxE,IAAI,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBACpC,+EAA+E;gBAC/E,4DAA4D;gBAC5D,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBACrD,WAAW,CAAC,oBAAoB,CAAC;wBAC/B,OAAO;wBACP,KAAK,EAAE,KAAK;wBACZ,MAAM,EAAE,yCAAyC,GAAG,CAAC,OAAO,EAAE;wBAC9D,MAAM,EAAE,aAAa;qBACtB,CAAC,CAAC;oBACH,OAAO;wBACL,KAAK,EAAE,KAAK;wBACZ,MAAM,EAAE,0BAA0B,GAAG,CAAC,OAAO,EAAE;qBAChD,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,8BAA8B;YAC9B,IAAI,GAAG,CAAC,UAAU,IAAI,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtD,WAAW,CAAC,oBAAoB,CAAC;oBAC/B,OAAO;oBACP,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,kCAAkC,GAAG,CAAC,OAAO,EAAE;oBACvD,MAAM,EAAE,aAAa;iBACtB,CAAC,CAAC;gBACH,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,gCAAgC,GAAG,CAAC,OAAO,EAAE;iBACtD,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,6EAA6E;IAC/E,CAAC;IAED,WAAW,CAAC,oBAAoB,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC;IACxF,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,cAAc;IAC5B,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAE5C,0EAA0E;IAC1E,MAAM,cAAc,GAAG;QACrB,uBAAuB,EAAO,oBAAoB;QAClD,wBAAwB,EAAM,WAAW;QACzC,uBAAuB,EAAO,aAAa;QAC3C,uBAAuB,EAAO,eAAe;QAC7C,eAAe,EAAe,0BAA0B;QACxD,oBAAoB,EAAU,iBAAiB;QAC/C,uBAAuB,EAAO,YAAY;QAC1C,qDAAqD,EAAE,MAAM;QAC7D,iBAAiB,EAAa,iCAAiC;QAC/D,gCAAgC,EAAE,eAAe;KAClD,CAAC;IAEF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvD,IAAI,KAAK,KAAK,SAAS;YAAE,SAAS;QAElC,iCAAiC;QACjC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAEtC,qCAAqC;QACrC,MAAM,eAAe,GAAG,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5E,IAAI,eAAe;YAAE,SAAS;QAE9B,6CAA6C;QAC7C,4CAA4C;QAC5C,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;QAExD,QAAQ,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC;IAC5B,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/tools/bash/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Bash tool module - barrel export.
+ *
+ * Re-exports BashTool for backward compatibility with existing imports
+ * from 'src/tools/bash' or 'src/tools/bash.js'.
+ */
+export { BashTool } from './bash-tool.js';

package/dist/tools/bash/index.js

@@ -0,0 +1,8 @@
+/**
+ * Bash tool module - barrel export.
+ *
+ * Re-exports BashTool for backward compatibility with existing imports
+ * from 'src/tools/bash' or 'src/tools/bash.js'.
+ */
+export { BashTool } from './bash-tool.js';
+//# sourceMappingURL=index.js.map

package/dist/tools/bash/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/tools/bash/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/tools/bash/security-patterns.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Security patterns and constants for BashTool command validation.
+ *
+ * Contains:
+ * - BLOCKED_PATTERNS: Regex patterns for always-blocked commands
+ * - BLOCKED_CONTROL_CHARS: Control characters that are never allowed
+ * - ANSI_ESCAPE_PATTERN: Terminal manipulation sequences
+ * - ALLOWED_COMMANDS: Allowlist for strict mode (reserved)
+ * - BLOCKED_COMMANDS: Commands blocked even in non-strict mode
+ * - SAFE_ENV_VARS: Allowlist of environment variables for child processes
+ * - BLOCKED_PATHS: Sensitive paths that should never be accessed
+ */
+/**
+ * Dangerous command patterns that are always blocked
+ */
+export declare const BLOCKED_PATTERNS: RegExp[];
+/**
+ * Control characters that are never allowed in commands
+ * These could be used to manipulate terminal output or bypass validation
+ */
+export declare const BLOCKED_CONTROL_CHARS: RegExp;
+/**
+ * ANSI escape sequences that could manipulate terminal display
+ */
+export declare const ANSI_ESCAPE_PATTERN: RegExp;
+/**
+ * Allowlist of safe base commands
+ * Only commands starting with these are allowed in strict mode
+ * Reserved for future strict mode implementation
+ */
+export declare const _ALLOWED_COMMANDS: Set<string>;
+/**
+ * Commands that should be completely blocked even in non-strict mode
+ */
+export declare const BLOCKED_COMMANDS: Set<string>;
+/**
+ * Whitelist of safe environment variables to pass to child processes
+ * All other env vars (especially secrets) are filtered out
+ */
+export declare const SAFE_ENV_VARS: Set<string>;
+/**
+ * Paths that should never be accessed
+ */
+export declare const BLOCKED_PATHS: string[];

package/dist/tools/bash/security-patterns.js

@@ -0,0 +1,234 @@
+/**
+ * Security patterns and constants for BashTool command validation.
+ *
+ * Contains:
+ * - BLOCKED_PATTERNS: Regex patterns for always-blocked commands
+ * - BLOCKED_CONTROL_CHARS: Control characters that are never allowed
+ * - ANSI_ESCAPE_PATTERN: Terminal manipulation sequences
+ * - ALLOWED_COMMANDS: Allowlist for strict mode (reserved)
+ * - BLOCKED_COMMANDS: Commands blocked even in non-strict mode
+ * - SAFE_ENV_VARS: Allowlist of environment variables for child processes
+ * - BLOCKED_PATHS: Sensitive paths that should never be accessed
+ */
+import path from 'path';
+import os from 'os';
+/**
+ * Dangerous command patterns that are always blocked
+ */
+export const BLOCKED_PATTERNS = [
+    // Filesystem destruction
+    /rm\s+(-rf?|--recursive)\s+[/~]/i, // rm -rf / or ~
+    /rm\s+.*\/\s*$/i, // rm something/
+    />\s*\/dev\/sd[a-z]/i, // Write to disk device
+    /dd\s+.*if=.*of=\/dev/i, // dd to device
+    /mkfs/i, // Format filesystem
+    /:\(\)\s*\{\s*:\|:&\s*\};:/, // Fork bomb :(){ :|:& };:
+    /chmod\s+-R\s+777\s+\//i, // chmod 777 /
+    // Remote code execution via pipe to shell
+    /wget.*\|\s*(ba)?sh/i, // wget | sh
+    /curl.*\|\s*(ba)?sh/i, // curl | sh
+    /sudo\s+(rm|dd|mkfs)/i, // sudo dangerous commands
+    // Command injection via command substitution
+    /\$\([^)]*(?:rm|dd|mkfs|chmod|chown|curl|wget|nc|netcat|bash|sh|eval|exec)/i, // $(dangerous_cmd)
+    /`[^`]*(?:rm|dd|mkfs|chmod|chown|curl|wget|nc|netcat|bash|sh|eval|exec)/i, // `dangerous_cmd`
+    // Dangerous variable expansion that could leak secrets
+    /\$\{?(?:GROK_API_KEY|AWS_SECRET|AWS_ACCESS_KEY|AWS_SESSION_TOKEN|GITHUB_TOKEN|NPM_TOKEN|MORPH_API_KEY|DATABASE_URL|DB_PASSWORD|SECRET_KEY|PRIVATE_KEY|API_KEY|API_SECRET|AUTH_TOKEN|ACCESS_TOKEN|OPENAI_API_KEY|ANTHROPIC_API_KEY|SLACK_TOKEN|DISCORD_TOKEN)\}?/i,
+    // Eval and exec injection
+    /\beval\s+.*\$/i, // eval with variable expansion
+    /\bexec\s+\d*[<>]/i, // exec with redirections
+    // Hex/octal encoded dangerous commands (bypass attempts)
+    /\\x[0-9a-f]{2}/i, // Hex escape sequences
+    /\\[0-7]{3}/, // Octal escape sequences
+    /\$'\\x/i, // ANSI-C quoting with hex
+    /\$'\\[0-7]/, // ANSI-C quoting with octal
+    /\$'[^']*\\[nrtbfv]/i, // ANSI-C with escape sequences
+    // Base64 decode piped to shell
+    /base64\s+(-d|--decode).*\|\s*(ba)?sh/i,
+    // Network exfiltration patterns
+    /\|\s*(nc|netcat|curl|wget)\s+[^|]*(>|>>)/i, // pipe to network tool with redirect
+    />\s*\/dev\/(tcp|udp)\//i, // bash network redirection
+    /\bnc\s+-[elp]/i, // netcat listen/exec modes
+    /\bbash\s+-i\s+>&?\s*\/dev\/(tcp|udp)/i, // bash reverse shell
+    // Additional bypass patterns
+    /\bprintf\s+['"]%b['"].*\\x/i, // printf %b with hex (bypass)
+    /\becho\s+-e\s+.*\\x/i, // echo -e with hex
+    /\becho\s+\$'\\x/i, // echo with ANSI-C quoting
+    /\bxxd\s+-r.*\|\s*(ba)?sh/i, // xxd decode to shell
+    /\bpython[23]?\s+-c\s+['"].*(?:exec|eval|os\.system|subprocess|__import__)/i, // Python code exec
+    /\bperl\s+-e\s+['"].*(?:system|exec|`)/i, // Perl code exec
+    /\bruby\s+-e\s+['"].*(?:system|exec|`)/i, // Ruby code exec
+    /\bnode\s+-e\s+['"].*(?:exec|spawn|child_process)/i, // Node.js code exec
+    /\bawk\s+.*\bsystem\s*\(/i, // awk system() call
+    // Unicode/special character bypass attempts
+    // eslint-disable-next-line no-control-regex
+    /[\u0000-\u001f]/, // Control characters (except common whitespace handled separately)
+    /[\u007f-\u009f]/, // Delete and C1 control codes
+    /[\u200b-\u200f]/, // Zero-width and directional chars
+    /[\u2028\u2029]/, // Line/paragraph separators
+    /[\ufeff]/, // BOM
+    /[\ufff0-\uffff]/, // Specials block
+];
+/**
+ * Control characters that are never allowed in commands
+ * These could be used to manipulate terminal output or bypass validation
+ */
+// eslint-disable-next-line no-control-regex
+export const BLOCKED_CONTROL_CHARS = /[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/;
+/**
+ * ANSI escape sequences that could manipulate terminal display
+ */
+// eslint-disable-next-line no-control-regex
+export const ANSI_ESCAPE_PATTERN = /\x1b\[[0-9;]*[a-zA-Z]|\x1b[PX^_][^\x1b]*\x1b\\|\x1b\][^\x07]*\x07/;
+/**
+ * Allowlist of safe base commands
+ * Only commands starting with these are allowed in strict mode
+ * Reserved for future strict mode implementation
+ */
+export const _ALLOWED_COMMANDS = new Set([
+    // File operations (read-only or safe)
+    'ls', 'cat', 'head', 'tail', 'less', 'more', 'file', 'stat', 'wc',
+    'find', 'locate', 'which', 'whereis', 'type',
+    // Text processing
+    'grep', 'egrep', 'fgrep', 'rg', 'ag', 'ack',
+    'sed', 'awk', 'cut', 'sort', 'uniq', 'tr', 'diff', 'comm',
+    // Development tools
+    'git', 'npm', 'npx', 'yarn', 'pnpm', 'bun',
+    'node', 'deno', 'python', 'python3', 'pip', 'pip3',
+    'cargo', 'rustc', 'go', 'java', 'javac', 'mvn', 'gradle',
+    'make', 'cmake', 'gcc', 'g++', 'clang',
+    // Build and test
+    'jest', 'vitest', 'mocha', 'pytest', 'tsc', 'esbuild', 'vite', 'webpack',
+    'eslint', 'prettier', 'biome',
+    // System info (safe read-only)
+    'echo', 'printf', 'pwd', 'date', 'whoami', 'hostname', 'uname',
+    'env', 'printenv', 'id', 'groups',
+    // Process info
+    'ps', 'top', 'htop', 'pgrep',
+    // Network diagnostics (read-only)
+    'ping', 'dig', 'nslookup', 'host',
+    // Archives (read operations)
+    'tar', 'zip', 'unzip', 'gzip', 'gunzip', 'bzip2', 'xz',
+    // Directory operations
+    'mkdir', 'rmdir', 'cd',
+    // Safe file operations
+    'cp', 'mv', 'touch', 'ln',
+    // Docker (controlled)
+    'docker', 'docker-compose', 'podman',
+    // Kubernetes (controlled)
+    'kubectl', 'helm',
+    // Cloud CLI (controlled)
+    'aws', 'gcloud', 'az',
+    // Misc safe commands
+    'jq', 'yq', 'tree', 'realpath', 'basename', 'dirname',
+    'sleep', 'true', 'false', 'test', '[',
+    // Package managers
+    'apt', 'apt-get', 'brew', 'dnf', 'yum', 'pacman',
+]);
+/**
+ * Commands that should be completely blocked even in non-strict mode
+ */
+export const BLOCKED_COMMANDS = new Set([
+    'rm', 'shred', 'wipefs', // Destructive file operations (blocked without confirmation path)
+    'mkfs', 'fdisk', 'parted', // Disk operations
+    'dd', // Raw disk operations
+    'chmod', 'chown', 'chgrp', // Permission changes (blocked at base level)
+    'sudo', 'su', 'doas', // Privilege escalation
+    'nc', 'netcat', 'ncat', // Network tools that can be dangerous
+    'socat', // Socket relay
+    'telnet', 'ftp', // Insecure protocols
+    'nmap', 'masscan', // Port scanning
+    'tcpdump', 'wireshark', 'tshark', // Packet capture
+    'strace', 'ltrace', 'ptrace', // Process tracing
+    'gdb', 'lldb', // Debuggers (can be abused)
+    'reboot', 'shutdown', 'poweroff', 'halt', // System control
+    'init', 'systemctl', 'service', // Service control
+    'iptables', 'nft', 'firewall-cmd', // Firewall
+    'mount', 'umount', // Mount operations
+    'insmod', 'rmmod', 'modprobe', // Kernel modules
+    'sysctl', // Kernel parameters
+    'crontab', 'at', // Scheduled tasks
+    'useradd', 'userdel', 'usermod', // User management
+    'passwd', 'chpasswd', // Password changes
+    'visudo', // Sudoers editing
+    'ssh-keygen', 'ssh-add', // SSH key operations
+    'gpg', // GPG operations
+    'openssl', // Certificate operations (can leak keys)
+]);
+/**
+ * Whitelist of safe environment variables to pass to child processes
+ * All other env vars (especially secrets) are filtered out
+ */
+export const SAFE_ENV_VARS = new Set([
+    // System paths and locale
+    'PATH',
+    'HOME',
+    'USER',
+    'SHELL',
+    'LANG',
+    'LC_ALL',
+    'LC_CTYPE',
+    'TERM',
+    'TZ',
+    'TMPDIR',
+    'TEMP',
+    'TMP',
+    // Node.js
+    'NODE_ENV',
+    'NODE_PATH',
+    'NODE_OPTIONS',
+    // Development tools
+    'EDITOR',
+    'VISUAL',
+    'PAGER',
+    'LESS',
+    // Git (non-sensitive)
+    'GIT_AUTHOR_NAME',
+    'GIT_AUTHOR_EMAIL',
+    'GIT_COMMITTER_NAME',
+    'GIT_COMMITTER_EMAIL',
+    'GIT_TERMINAL_PROMPT',
+    // CI/CD flags (non-sensitive)
+    'CI',
+    'CONTINUOUS_INTEGRATION',
+    // Display
+    'DISPLAY',
+    'COLORTERM',
+    // Python
+    'PYTHONPATH',
+    'PYTHONIOENCODING',
+    'VIRTUAL_ENV',
+    // Package managers (non-sensitive config)
+    'NPM_CONFIG_YES',
+    'YARN_ENABLE_PROGRESS_BARS',
+    'DEBIAN_FRONTEND',
+    // History control
+    'HISTFILE',
+    'HISTSIZE',
+    // Output control
+    'NO_COLOR',
+    'FORCE_COLOR',
+    'NO_TTY',
+    // Current working directory
+    'PWD',
+    'OLDPWD',
+]);
+/**
+ * Paths that should never be accessed
+ */
+export const BLOCKED_PATHS = [
+    path.join(os.homedir(), '.ssh'),
+    path.join(os.homedir(), '.gnupg'),
+    path.join(os.homedir(), '.aws'),
+    path.join(os.homedir(), '.docker'),
+    path.join(os.homedir(), '.npmrc'),
+    path.join(os.homedir(), '.gitconfig'),
+    path.join(os.homedir(), '.netrc'),
+    path.join(os.homedir(), '.env'),
+    path.join(os.homedir(), '.config/gh'),
+    path.join(os.homedir(), '.config/gcloud'),
+    path.join(os.homedir(), '.kube'),
+    '/etc/passwd',
+    '/etc/shadow',
+    '/etc/sudoers',
+];
+//# sourceMappingURL=security-patterns.js.map

package/dist/tools/bash/security-patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-patterns.js","sourceRoot":"","sources":["../../../src/tools/bash/security-patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,MAAM,IAAI,CAAC;AAEpB;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAa;IACxC,yBAAyB;IACzB,iCAAiC,EAAG,gBAAgB;IACpD,gBAAgB,EAAuB,gBAAgB;IACvD,qBAAqB,EAAkB,uBAAuB;IAC9D,uBAAuB,EAAe,eAAe;IACrD,OAAO,EAAgC,oBAAoB;IAC3D,2BAA2B,EAAW,0BAA0B;IAChE,wBAAwB,EAAc,cAAc;IAEpD,0CAA0C;IAC1C,qBAAqB,EAAiB,YAAY;IAClD,qBAAqB,EAAiB,YAAY;IAClD,sBAAsB,EAAgB,0BAA0B;IAEhE,6CAA6C;IAC7C,4EAA4E,EAAG,mBAAmB;IAClG,yEAAyE,EAAM,kBAAkB;IAEjG,uDAAuD;IACvD,kQAAkQ;IAElQ,0BAA0B;IAC1B,gBAAgB,EAAuB,+BAA+B;IACtE,mBAAmB,EAAoB,yBAAyB;IAEhE,yDAAyD;IACzD,iBAAiB,EAAsB,uBAAuB;IAC9D,YAAY,EAA2B,yBAAyB;IAChE,SAAS,EAA8B,0BAA0B;IACjE,YAAY,EAA2B,4BAA4B;IACnE,qBAAqB,EAAkB,+BAA+B;IAEtE,+BAA+B;IAC/B,uCAAuC;IAEvC,gCAAgC;IAChC,2CAA2C,EAAG,qCAAqC;IACnF,yBAAyB,EAAc,2BAA2B;IAClE,gBAAgB,EAAuB,2BAA2B;IAClE,uCAAuC,EAAE,qBAAqB;IAE9D,6BAA6B;IAC7B,6BAA6B,EAAU,8BAA8B;IACrE,sBAAsB,EAAiB,mBAAmB;IAC1D,kBAAkB,EAAqB,2BAA2B;IAClE,2BAA2B,EAAY,sBAAsB;IAC7D,4EAA4E,EAAE,mBAAmB;IACjG,wCAAwC,EAAE,iBAAiB;IAC3D,wCAAwC,EAAE,iBAAiB;IAC3D,mDAAmD,EAAE,oBAAoB;IACzE,0BAA0B,EAAa,oBAAoB;IAE3D,4CAA4C;IAC5C,4CAA4C;IAC5C,iBAAiB,EAAsB,mEAAmE;IAC1G,iBAAiB,EAAsB,8BAA8B;IACrE,iBAAiB,EAAsB,mCAAmC;IAC1E,gBAAgB,EAAuB,4BAA4B;IACnE,UAAU,EAA6B,MAAM;IAC7C,iBAAiB,EAAsB,iBAAiB;CACzD,CAAC;AAEF;;;GAGG;AACH,4CAA4C;AAC5C,MAAM,CAAC,MAAM,qBAAqB,GAAW,kCAAkC,CAAC;AAEhF;;GAEG;AACH,4CAA4C;AAC5C,MAAM,CAAC,MAAM,mBAAmB,GAAW,mEAAmE,CAAC;AAE/G;;;;GAIG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAgB,IAAI,GAAG,CAAC;IACpD,sCAAsC;IACtC,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI;IACjE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM;IAC5C,kBAAkB;IAClB,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK;IAC3C,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM;IACzD,oBAAoB;IACpB,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK;IAC1C,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM;IAClD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ;IACxD,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO;IACtC,iBAAiB;IACjB,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS;IACxE,QAAQ,EAAE,UAAU,EAAE,OAAO;IAC7B,+BAA+B;IAC/B,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO;IAC9D,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ;IACjC,eAAe;IACf,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO;IAC5B,kCAAkC;IAClC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM;IACjC,6BAA6B;IAC7B,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI;IACtD,uBAAuB;IACvB,OAAO,EAAE,OAAO,EAAE,IAAI;IACtB,uBAAuB;IACvB,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI;IACzB,sBAAsB;IACtB,QAAQ,EAAE,gBAAgB,EAAE,QAAQ;IACpC,0BAA0B;IAC1B,SAAS,EAAE,MAAM;IACjB,yBAAyB;IACzB,KAAK,EAAE,QAAQ,EAAE,IAAI;IACrB,qBAAqB;IACrB,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS;IACrD,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG;IACrC,mBAAmB;IACnB,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ;CACjD,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAgB,IAAI,GAAG,CAAC;IACnD,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAY,kEAAkE;IACrG,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAU,kBAAkB;IACrD,IAAI,EAAgC,sBAAsB;IAC1D,OAAO,EAAE,OAAO,EAAE,OAAO,EAAU,6CAA6C;IAChF,MAAM,EAAE,IAAI,EAAE,MAAM,EAAe,uBAAuB;IAC1D,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAa,sCAAsC;IACzE,OAAO,EAA6B,eAAe;IACnD,QAAQ,EAAE,KAAK,EAAoB,qBAAqB;IACxD,MAAM,EAAE,SAAS,EAAkB,gBAAgB;IACnD,SAAS,EAAE,WAAW,EAAE,QAAQ,EAAE,iBAAiB;IACnD,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAM,kBAAkB;IACpD,KAAK,EAAE,MAAM,EAAsB,4BAA4B;IAC/D,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,iBAAiB;IAC3D,MAAM,EAAE,WAAW,EAAE,SAAS,EAAI,kBAAkB;IACpD,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,WAAW;IAC9C,OAAO,EAAE,QAAQ,EAAkB,mBAAmB;IACtD,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAK,iBAAiB;IACnD,QAAQ,EAA2B,oBAAoB;IACvD,SAAS,EAAE,IAAI,EAAoB,kBAAkB;IACrD,SAAS,EAAE,SAAS,EAAE,SAAS,EAAG,kBAAkB;IACpD,QAAQ,EAAE,UAAU,EAAe,mBAAmB;IACtD,QAAQ,EAA2B,kBAAkB;IACrD,YAAY,EAAE,SAAS,EAAW,qBAAqB;IACvD,KAAK,EAA8B,iBAAiB;IACpD,SAAS,EAA0B,yCAAyC;CAC7E,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,CAAC,MAAM,aAAa,GAAgB,IAAI,GAAG,CAAC;IAChD,0BAA0B;IAC1B,MAAM;IACN,MAAM;IACN,MAAM;IACN,OAAO;IACP,MAAM;IACN,QAAQ;IACR,UAAU;IACV,MAAM;IACN,IAAI;IACJ,QAAQ;IACR,MAAM;IACN,KAAK;IACL,UAAU;IACV,UAAU;IACV,WAAW;IACX,cAAc;IACd,oBAAoB;IACpB,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,MAAM;IACN,sBAAsB;IACtB,iBAAiB;IACjB,kBAAkB;IAClB,oBAAoB;IACpB,qBAAqB;IACrB,qBAAqB;IACrB,8BAA8B;IAC9B,IAAI;IACJ,wBAAwB;IACxB,UAAU;IACV,SAAS;IACT,WAAW;IACX,SAAS;IACT,YAAY;IACZ,kBAAkB;IAClB,aAAa;IACb,0CAA0C;IAC1C,gBAAgB;IAChB,2BAA2B;IAC3B,iBAAiB;IACjB,kBAAkB;IAClB,UAAU;IACV,UAAU;IACV,iBAAiB;IACjB,UAAU;IACV,aAAa;IACb,QAAQ;IACR,4BAA4B;IAC5B,KAAK;IACL,QAAQ;CACT,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAa;IACrC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC;IAC/B,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC;IACjC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC;IAC/B,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC;IAClC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC;IACjC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,YAAY,CAAC;IACrC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC;IACjC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC;IAC/B,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,YAAY,CAAC;IACrC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,gBAAgB,CAAC;IACzC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,OAAO,CAAC;IAChC,aAAa;IACb,aAAa;IACb,cAAc;CACf,CAAC"}

package/dist/tools/bash/streaming-executor.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Streaming execution for BashTool.
+ *
+ * Contains the executeStreaming AsyncGenerator that yields output chunks
+ * as they arrive from the spawned process.
+ */
+import { ToolResult } from '../../types/index.js';
+export interface StreamingExecutorDeps {
+    getCurrentDirectory: () => string;
+    getSandboxManager: () => {
+        validateCommand(cmd: string): {
+            valid: boolean;
+            reason?: string;
+        };
+    };
+    getRunningProcesses: () => Set<import('child_process').ChildProcess>;
+}
+/**
+ * Execute a command with streaming output.
+ * Yields each line of stdout/stderr as it arrives.
+ * Validates and confirms the command before execution.
+ */
+export declare function executeStreaming(command: string, timeout: number | undefined, deps: StreamingExecutorDeps): AsyncGenerator<string, ToolResult, undefined>;